A number of hackers have been picked up by law enforcement in recent months. As the Senate Intelligence, Senate Judiciary, and House Intelligence Committees, and Special Counsel Robert Mueller’s team, continue to dig deeper into Russian intervention in the 2016 election, these hackers and their exploits may be of interest.

Yevgeniy Nikulin

Nikulin was detained in the Czech Republic on October 5, 2016 at the request of the U.S. government, for allegedly hacking LinkedIn, Dropbox and Formspring servers in 2012 and 2013.

Taylor Huddleston

Taylor Huddleston was arrested in early 2017 in Arkansas on charges of conspiracy and aiding and abetting computer intrusions. He designed a Remote Administration Tool (RAT) called Nanocore, which has been used by hackers in attacks “in at least 10 countries, including an attack on Middle Eastern energy firms in 2015, and a massive phishing campaign last August in which the perpetrators posed as major oil and gas company,” according to the Daily Beast.

A Remote Access Trojan (also abbreviated RAT) is a type of malware that includes a back door, which gives an unknown attacker remote administrative control. RATs are usually downloaded when a user clicks a link, often as an email attachment or a downloadable game.

While the Daily Beast article, written by former black-hat hacker Kevin Poulsen, suggests that Huddleston is being unfairly targeted, an article in Krebs On Security explains that the case is more complicated.

Peter Levashov, also known as Peter Severa

A hacker from Saint Petersburg, Russia, described as a criminal kingpin, was arrested in Spain on April 7. Known as the "Spam King," he had control of as many as 100,000 computers at times. The computers were infected with malware delivered when a user clicked on an email link.

While it is unclear if Levashov's computer network played a role in the 2016 U.S. election, the computer botnet controlled by him was used to spread fake news about the opponent of Vladimir Putin in Russia's 2012 election. His botnet may also have been instrumental in the attack in 2007 on the Estonian banking system.

U.S. law enforcement officials have been watching for an opportunity to arrest Levashov for years.

There seems to be a lot of bot and troll activity on Twitter this weekend.

How can you tell if a Twitter account is a bot? Here is a quick guide.

If the account uses a fake name, it might be a bot.

If the account was created recently (there was a big surge in March 2017), it might be a bot.

If the account has few followers (fewer than a hundred), or if the number of followers seems unrealistically high for the persona, it might be a bot. If an anonymous “Christian mom, loves animals, hates Trump” account has thousands of followers, they were likely purchased.

If the account has an egg as a profile, or a blank blue background for the banner photo, it may be a bot. These are often accounts that either haven’t been fleshed out (by paid employees of the Saint Petersburg troll farm, or other locations likely outside the U.S.), or have been purchased cheaply in large blocks.

Some accounts are trolls, which guide bots to upvote certain posts or news stories. These are trickier to spot, but with some digging you can identify them based on their involvement in uptrending false or misleading news stories. Here are some illustrations that may help explain how bots attach themselves to the accounts of prominent people, especially those who raise awareness of unflattering stories about Trump’s associations with organized crime and Russia.

The exchange above started out with some real people, and the bots seemed to take over:

This is common - two bots begin a "conversation" with each other, drowning out conversation among real readers. Bots are algorithms, program code written to accomplish a goal. These bots are programmed by someone.

Here is another example of bot activity - multiple posts meant to drown out real conversation.

Turns out I was right. "Kelly" was a bot.

When I find a bot or a troll, I just block them and move on. The goal of the programmers and personas is to confuse readers and depress real comments. Silencing them takes away their power.

McClatchy DC reported July 13 that the Trump campaign data analytics operation is under scrutiny by the multiple investigations into possible coordination between the campaign and operatives working for the Russian government. “Congressional and Justice Department investigators are focusing on whether Trump’s campaign pointed Russian cyber operatives to certain voting jurisdictions in key states – areas where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton, according to several people familiar with the parallel inquiries.”

The McClatchy DC article explains that investigators now know that the Kremlin mounted a cyberattack on the United States of “unprecedented scale and sophistication” which delivered false and misleading stories about Hillary Clinton to the social media accounts of millions of voters.

Will Bunch summarized some of the issues in the investigation in Philly.com. His suggestion for understanding how the Russians interfered in our election, and how the Republican National Committee and the Trump campaign may have coordinated with them, involves just three words: Follow the data.

Bunch quotes Carole Cadwalladr of the Guardian: “There are three strands to this story. How the foundations of an authoritarian surveillance state are being laid in the US. How British democracy was subverted through a covert, far-reaching plan of coordination enabled by a US billionaire. And how we are in the midst of a massive land grab for power by billionaires via our data. Data which is being silently amassed, harvested and stored. Whoever owns this data owns the future.”

An article from Advertising Age explained in December of 2016 how the Trump campaign data analytics team used multiple data sources to assemble a data strategy to target voters with maximum impact and minimum cost.

After an October 5 meeting, the data team concentrated on three groups of voters they needed to convince to vote for their candidate. “There were three especially important voter segments they'd need to swing towards their candidate: unallocated voters, defined as people who were predisposed to listen to the Trump campaign and the GOP's message; ‘DJT Underperform’ voters, or Republicans still unconvinced about supporting Mr. Trump; and ‘HRC Change’ voters, defined as people leaning toward Hillary Clinton but also craving change in government.”

Investigators now suspect, according to the McClatchy DC article from July 13, that the Russians targeted voters in swing states, even in key precincts. According to a source familiar with the criminal probe into Trump-Russia collaboration, investigators doubt that Russian operatives controlling the bots and trolls that distributed false and misleading news stories and memes satirizing Clinton could have “independently ‘known where to specifically target … to which high impact states and districts in those states.’”

A June 2017 article in The Verge provides insight into how Deep Root Analytics, which worked on the campaign for the Republican National Committee, scooped up data from Reddit, but it is still unclear how this data was used to target voters. The scooped data was found when Deep Root Analytics left highly personal data about nearly 200 million U.S. voters on an unprotected cloud server in June. The exposed data includes multiple data points about far more voters than those registered Republican. The Verge suggests that Deep Root Analytics may have been attempting to match Reddit profiles with voter information data, perhaps to categorize voters into the groups identified as important to turn toward Trump.

The giant RNC data leak of nearly 200 million voters’ information was discovered in June of 2017 by Chris Vickery, a well-known cyber risk researcher working for the company Upguard, who has discovered these kinds of breaches before.

A detailed article about the RNC breach, along with a recorded question and answer period with Vickery, was published by the cyber security company Upguard, and updated July 12. The article can be found here: https://www.upguard.com/breaches/the-rnc-files

Jared Kushner, advisor to President Trump, has become a focus of the FBI investigation into possible coordination between the Trump campaign and the Russian government. CNN described the three areas of interest to investigators, according to U.S. officials: the Trump campaign’s data analytics operation; Kushner’s relationship with General Michael Flynn; and Kushner’s contacts with Russians, which were not disclosed on his Standard Form 86 when he applied for his security clearance.

Many millions of Americans have been victims of data theft, including information about personal health, credit card and other financial information, emails, and purchasing habits. Some of the larger thefts are described below.

While people tend to think of data theft as primarily a financial crime, it is becoming increasingly clear that there may be other reasons for thieves to steal personal data. In the case of the Yahoo hack, data stolen may have been used for blackmail.

Yahoo

In 2014, Russian hackers stole the data of 500 million Yahoo users. The hacking group included Russian intelligence officers. According to the New York Times and federal documents, the Russian government used the stolen data to spy on journalists, government and military officials, bank executives, two cloud computing companies, one airline, and a Nevada gambling regulator.

Trump Hotels

Reuters reported on July 12, 2017 that Trump International Hotels Management LLC had announced that a data breach at a service provider compromised credit card payment details at 14 of its properties. It was unclear today how many customers were affected.

Last year Trump International Hotels Management paid a $50,000 fine in New York state for failing to notify customers immediately after data breaches in 2015 exposed more than 70,000 credit card numbers and 300 Social Security numbers. The company also agreed to update its security practices.

According to a report in the Los Angeles Times, the Trump hotel chain is probably a greater target for hackers because the chain has been attracting more Republican politicians, industry lobbyists, and foreign officials who use the hotel to try to curry favor with President Trump.

The Reuters article can be found here: https://www.reuters.com/article/us-trumphotels-cyber-idUSKBN19X2G2

The Los Angeles Times article can be found here: http://www.latimes.com/business/la-fi-trump-hotels-20170712-story.html

Home Depot

A 2014 cyberattack on the home improvement chain Home Depot resulted in the theft of credit card data from 56 million customers. In addition, the email address information of about 53 million customers was also stolen.

Home Depot was ordered to pay $27.2 million to financial institutions that bore the brunt of the financial burden from the attack, and to update its security practices.

The gang that launched the attack used malware to steal payment information at self-checkout lanes in the U.S. and Canada. They were inside the system from April to September of 2014.

A March 2017 article from Infosecurity Magazine about the Home Depot breach can be found here: https://www.infosecurity-magazine.com/news/home-depot-to-pay-2725m/

Anthem

A cyberattack on health care company Anthem resulted in a security breach of 78.8 million individuals’ protected health information. A national investigation of the breach pointed to “a foreign government” as the source of the attack.

The breach began in February of 2014, when a user within an Anthem subsidiary opened a phishing email containing malware. Opening the email enabled the malicious program to infect the system and allow the hackers remote access to at least 90 computer systems within the Anthem group of companies.

In response to the breach, Anthem agreed to enhance its security systems, and to provide credit protection to consumers who experienced information theft.

The press release from the California Insurance Commissioner about the Anthem breach can be found here: http://www.insurance.ca.gov/0400-news/0100-press-releases/2017/release001-17.cfm

An article from Fox Business can be found here: http://www.foxbusiness.com/features/2017/06/23/anthem-agrees-to-115-million-settlement-data-breach-lawsuit.html

Facebook

Microtargeting (aiming advertising and other content very specifically at users who meet certain criteria) was used extensively in the 2016 presidential election to boost stories critical of Hillary Clinton and favorable to Donald Trump.

An article published in Mother Jones in October of 2016, which originally appeared in ProPublica, describes the process: http://www.motherjones.com/politics/2016/10/facebook-advertisers-exclude-users-by-race/

According to a Slovakian internet security company called ESET, Russian state hackers used Britney Spears’s official Instagram account as a means of communicating the location of the group’s command and control server. This was done without the knowledge of Spears or her team.

Coded messages within the comments on the Instagram posts pointed to the location of the C&C server. Communicating the location of the server in this way means the location can change to avoid detection.

According to an article in the New York Times published today, hackers have been penetrating computer networks of nuclear power stations and manufacturing plants in the U.S. and other countries. Since May, companies such as Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant in Kansas, have been targeted, according to a report by the Department of Homeland Security and the FBI.

Bloomberg reported today that at least a dozen power plants in the U.S. were targeted, and that the chief suspect is the government of Russia. The New York Times reported that, according to two people familiar with the investigation, the hackers used techniques similar to “Energetic Bear,” the Russian hacking group that researchers think has attacked the energy sector since at least 2012.

The DHS/FBI joint report did not specify whether the hacks were designed to steal secrets or to cause destruction. John Keeley, a spokesperson for the Nuclear Energy Institute, said in the New York Times that none of the facilities targeted have reported that the attacks affected the security of their operations.